Mass infection of WordPress sites due to TimThumb

Recently a new high-risk vulnerability was discovered in the highly popular TimThumb script. TimThumb is a small PHP script for cropping, zooming and resizing web images (JPG, PNG, GIF), well suited to blogs and other applications.

TimThumb is included in a lot of WordPress plugins and themes (free and paid). By exploiting this vulnerability, an attacker can upload and execute a PHP file of his choice on a vulnerable website.

By default the script allows uploading files from a list of trusted external domains specified below:

It should not be possible to upload files from any other external domain. However, the check is flawed: it can be bypassed with a domain such as blogger.com.hacker.com, which passes the check (it contains the trusted name blogger.com) but actually belongs to hacker.com, making the script exploitable.
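As an added example (not TimThumb's own code, nor the Anti Malware plugin's), the following PHP puts a substring-style domain check of the kind described above beside a host-based check that rejects the blogger.com.hacker.com bypass; the allowlist and the sample URLs are constructed for the demonstration.

```php
<?php
// Constructed allowlist for the demo (not TimThumb's actual list).
$allowedSites = ['blogger.com', 'example-image-host.com'];

// Flawed check: accepts the URL if an allowed domain appears anywhere in it,
// so "blogger.com.hacker.com" and even "?ref=blogger.com" slip through.
function isAllowedSubstring(string $url, array $allowed): bool {
    foreach ($allowed as $site) {
        if (stripos($url, $site) !== false) {
            return true;
        }
    }
    return false;
}

// Hardened check: parse the URL, require http(s), and accept only when the
// host equals an allowed domain or is a dot-separated subdomain of it.
function isAllowedHost(string $url, array $allowed): bool {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['host'], $parts['scheme'])) {
        return false;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    $host = strtolower(rtrim($parts['host'], '.'));
    foreach ($allowed as $site) {
        $site = strtolower($site);
        if ($host === $site) {
            return true;
        }
        $suffix = '.' . $site;   // "img.blogger.com" ends with ".blogger.com"
        if (strlen($host) > strlen($suffix) && substr($host, -strlen($suffix)) === $suffix) {
            return true;
        }
    }
    return false;
}

// Constructed sample URLs: the first is the bypass the article describes.
$urls = [
    'http://blogger.com.hacker.com/photo.jpg',  // flawed: allow, hardened: deny
    'http://img.blogger.com/photo.jpg',         // flawed: allow, hardened: allow
    'http://evil.example/x?ref=blogger.com',    // flawed: allow, hardened: deny
];
foreach ($urls as $u) {
    printf("%-42s substring=%s host=%s\n", $u,
        isAllowedSubstring($u, $allowedSites) ? 'allow' : 'deny',
        isAllowedHost($u, $allowedSites) ? 'allow' : 'deny');
}
```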

Hackers are already exploiting this vulnerability in the wild, and thousands of sites have been hacked.

Does the Anti Malware plugin protect against this vulnerability?

Yes. All requests made in order to exploit this vulnerability are denied with a "Precondition Failed" error message.

Your WordPress sites running a vulnerable TimThumb are therefore protected.

If you install the AM plugin after your site has already been hacked, you should scan your accounts and delete any backdoors or malware that has already been installed.
